NetworkManager applet don't asked username and password openconnect

zakrush · 2023-09-12 21:47:33

Hello.
I spend many time for searching some problems with my VPN connection throught NetworkManager openconnect plugin.
I should up VPN by Cisco Any connect. Auth by certificate and username and password.

I have config:
i3wm + networkmanager 1.44.0-1 +networkmanager-openconnect 1.2.10-1 + gnome-keyring (if it needs)

When I push on vnp connection I don't get window for input PEM_pass_phrase, username and password. I got this errors
journalctl -xe

sep 13 00:22:53 redmi NetworkManager[1262]: <info>  [1694553773.1557] vpn[0x56265b4dcb70,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
sep 13 00:22:53 redmi NetworkManager[1262]: <info>  [1694553773.1558] audit: op="connection-activate" uuid="7b628aa8-674f-43af-a700-96182110a927" name="testVPN" pid=1705 uid=1000 result="success"
sep 13 00:22:53 redmi NetworkManager[1262]: <warn>  [1694553773.1736] vpn[0x56265b4dcb70,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.

When I connect manually by command
nmcli connection up testVPN --ask
I got VPN connection.

My config is

sudo cat /etc/NetworkManager/system-connections/testVPN.nmconnection

[connection]
id=testVPN
uuid=7b628aa8-674f-43af-a700-96182110a927
type=vpn
autoconnect=false

[vpn]
authtype=cert
autoconnect-flags=0
cacert=/home/dm/certificates/root.pem
certsigs-flags=0
cookie-flags=2
disable_udp=no
enable_csd_trojan=no
gateway=vpn.doman.com
gateway-flags=2
gwcert-flags=2
lasthost-flags=0
pem_passphrase_fsid=no
prevent_invalid_cert=no
protocol=anyconnect
resolve-flags=2
stoken_source=disabled
usercert=/home/dm/certificates/client_ssl.pem
xmlconfig-flags=0
service-type=org.freedesktop.NetworkManager.openconnect

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]

I was trying to write password and user in vpn-secrets sections, but it didn't help me. Also I can't found some information about parameters this configs like password-flags and how save username.

All my variants got one error:

A password is required to connect to 'testVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets

seth · 2023-09-13 04:47:29

https://wiki.archlinux.org/title/Networ … #nm-applet
Otherwise

loginctl session-status
echo $DBUS_SESSION_BUS_ADDRESS

and in doubt the last link below.

zakrush · 2023-09-13 05:31:57

[en]loginctl session-status[/en]

loginctl session-status
2 - dm (1000)
           Since: Wed 2023-09-13 08:17:49 MSK; 4min 23s ago
          Leader: 1663 (sddm-helper)
            Seat: seat0; vc2
             TTY: tty2
         Service: sddm; type x11; class user
           State: active
            Idle: no
            Unit: session-2.scope
                  ├─1663 /usr/lib/sddm/sddm-helper --socket /tmp/sddm-auth-2a2115bd-4f3f-4326-8e8f-2fbec75dcde6 --id 1 --start i3-with-shmlog --user dm
                  ├─1684 i3-with-shmlog
                  ├─1697 nm-applet
                  ├─1711 xclip
                  ├─1720 /usr/bin/python /usr/bin/autotiling
                  ├─1724 polybar bottom
                  ├─1912 compton -b
                  ├─2685 /opt/yandex/browser/yandex_browser
                  ├─2690 cat
                  ├─2691 cat
                  ├─2693 /opt/yandex/browser/chrome_crashpad_handler --monitor-self --monitor-self-annotation=ptype=crashpad-handler "--database=/home/dm/.config/yandex-browser/Crash Reports" --metrics-dir=/home>
                  ├─3260 "/opt/yandex/browser/yandex_browser --type=renderer --user-id=92005d01-d35e-4c27-a700-3fa919e9912a --brand-id=yandex --crashpad-handler-pid=2693 --enable-crash-reporter=27903d28-8b55-4ee>
                  ├─3441 alacritty
                  ├─3829 /bin/zsh
                  ├─4242 loginctl session-status
                  └─4243 less
sep 13 08:17:49 redmi systemd[1]: Started Session 2 of User dm.

echo $DBUS_SESSION_BUS_ADDRESS
unix:path=/run/user/1000/bus

As I understand it, gnome keyring is not running. I was searching different ways to run it but can't to make it with i3wm + sddm. It should to run.

Maybe It can be useful

 sudo systemctl status gnome-keyring-daemon
Unit gnome-keyring-daemon.service could not be found.

systemctl --user show-environment
HOME=/home/dm
LANG=ru_RU.UTF-8
LC_MESSAGES=en_US.UTF-8
LOGNAME=dm
MAIL=/var/spool/mail/dm
PATH=/usr/local/bin:/usr/bin:/var/lib/snapd/snap/bin
SHELL=/bin/zsh
USER=dm
XDG_RUNTIME_DIR=/run/user/1000
XDG_DATA_DIRS=/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
DISPLAY=:0
XAUTHORITY=/tmp/xauth_vfZUYU

The logn password is the same as keyring password

Last edited by zakrush (2023-09-13 05:53:03)

seth · 2023-09-13 09:57:35

nm-applet should maybe still ask, gkr or not - afaiu it doesn't do that for you?

https://bbs.archlinux.org/viewtopic.php?id=278836
https://bbs.archlinux.org/viewtopic.php?id=285845 # suggests to explicitly disable GKR in the OpenVPN settings
https://bbs.archlinux.org/viewtopic.php?id=286378 # user actually cancelled, ultimate cause was a bad cipher algo.

Edit: your session is fine, it's not a dbus issue.

Last edited by seth (2023-09-13 09:57:57)

zakrush · 2023-09-15 06:37:38

seth wrote:

nm-applet should maybe still ask, gkr or not - afaiu it doesn't do that for you?
https://bbs.archlinux.org/viewtopic.php?id=278836
https://bbs.archlinux.org/viewtopic.php?id=285845 # suggests to explicitly disable GKR in the OpenVPN settings
https://bbs.archlinux.org/viewtopic.php?id=286378 # user actually cancelled, ultimate cause was a bad cipher algo.
Edit: your session is fine, it's not a dbus issue.

Yes it doesn't asked mee.

I read and try this toppics. Nothing help me.

First I installed webkit2gtk-4.1.2

pacman -Q | grep webkit2gtk
webkit2gtk-4.1 2.40.5-2

It didn't help me.

Then I downgrade networkmanager-openconnect to 1.2.8-2

pacman -Q | grep openconnect
networkmanager-openconnect 1.2.8-2
openconnect 1:8.10-1

It is also didn't help.
I have the same error:

secrets: failed to request VPN secrets #3: User canceled the secrets request.

seth · 2023-09-15 07:11:12

Can you try the behavior on openbox?
Just in case that nm-applet doesn't play ball w/ tiling WMs (and needs to be set to floating mode)?

zakrush · 2023-09-18 06:56:58

seth wrote:

Can you try the behavior on openbox?
Just in case that nm-applet doesn't play ball w/ tiling WMs (and needs to be set to floating mode)?

hmm... I'm thinking it will be some problem try with openbox.

So about floating mode. I don't have problem with ask and save WiFi password in float window.

seth · 2023-09-18 16:31:43

Run

nmcli connection up testVPN

see whether you get asked for credentials and if not, post the system journal

zakrush · Yesterday 08:47:08

seth wrote:

Run
nmcli connection up testVPN
see whether you get asked for credentials and if not, post the system journal

nmcli connection up testVPN
A password is required to connect to 'testVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION=7b628aa8-674f-43af-a700-96182110a927 + NM_DEVICE=enp0s13f0u1u4u4' to get more details.

journalctl -xe NM_CONNECTION=7b628aa8-674f-43af-a700-96182110a927 + NM_DEVICE=enp0s13f0u1u4u4

сен 21 11:36:32 redmi NetworkManager[1267]: <info>  [1695285392.9934] vpn[0x557c127d8f30,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:36:33 redmi NetworkManager[1267]: <warn>  [1695285393.0244] vpn[0x557c127d8f30,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.
сен 21 11:39:39 redmi NetworkManager[1267]: <info>  [1695285579.7697] vpn[0x557c1286c300,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:39:39 redmi NetworkManager[1267]: <warn>  [1695285579.8015] vpn[0x557c1286c300,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.

journalctl -f

сен 21 11:45:29 redmi NetworkManager[1267]: <info>  [1695285929.2456] agent-manager: agent[a29a193b028741c1,:1.349/nmcli-connect/1000]: agent registered
сен 21 11:45:29 redmi NetworkManager[1267]: <info>  [1695285929.2476] vpn[0x557c12932270,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:45:29 redmi NetworkManager[1267]: <info>  [1695285929.2478] audit: op="connection-activate" uuid="7b628aa8-674f-43af-a700-96182110a927" name="testVPN" pid=108245 uid=1000 result="success"
сен 21 11:45:29 redmi NetworkManager[1267]: <warn>  [1695285929.2784] vpn[0x557c12932270,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.

seth · Yesterday 15:55:14

Ok, contrary to the wiki, try "nmcli --ask connection up testVPN"

Arch Linux

#1 2023-09-12 21:47:33

NetworkManager applet don't asked username and password openconnect

#2 2023-09-13 04:47:29

Re: NetworkManager applet don't asked username and password openconnect

#3 2023-09-13 05:31:57

Re: NetworkManager applet don't asked username and password openconnect

#4 2023-09-13 09:57:35

Re: NetworkManager applet don't asked username and password openconnect

#5 2023-09-15 06:37:38

Re: NetworkManager applet don't asked username and password openconnect

#6 2023-09-15 07:11:12

Re: NetworkManager applet don't asked username and password openconnect

#7 2023-09-18 06:56:58

Re: NetworkManager applet don't asked username and password openconnect

#8 2023-09-18 16:31:43

Re: NetworkManager applet don't asked username and password openconnect

#9 Yesterday 08:47:08

Re: NetworkManager applet don't asked username and password openconnect

#10 Yesterday 15:55:14

Re: NetworkManager applet don't asked username and password openconnect

Board footer